Vibe Guard adds three Claude Code audit skills for pre-push review
Vibe Guard is an open-source set of three Claude Code skills that run a structured 3-pass audit — covering production resilience, security, and code comprehension — on your diff before you push.
Developers using Claude Code can drop these three skills into any project to get a structured, privacy-preserving audit of AI-generated diffs before they push, reducing the risk of shipping production bugs or security holes introduced by AI assistance.
Vibe Guard, published by codecoincognition on GitHub, is a set of Claude Code skills intended to address a core weakness of AI-assisted development: code that compiles and passes review but fails in production due to logic gaps, security oversights, or patterns the developer doesn't fully understand. The project frames this as a 3-pass audit run at the end of every Claude Code session, with each pass handled by a dedicated skill invoked via a slash command.
The three skills cover distinct risk categories. `/vibe-check` targets production resilience, flagging N+1 queries, missing error handling, null edge cases, scale failures, resource leaks, and data integrity issues. `/vibe-secure` focuses on security, looking for hardcoded secrets, injection surfaces, missing auth checks, insecure defaults, and supply chain risks. `/vibe-explain` addresses cognitive debt — identifying opaque code blocks, magic numbers, hidden assumptions, and implicit contracts that the developer may not fully own or understand.
Installation is handled via a single `curl` command that runs `install.sh`, placing skills either globally in `~/.claude/skills/` or project-locally in `.claude/skills/`. Because the skills run as structured prompts inside the Claude Code session itself, no external API calls are made and no code leaves the developer's machine. The project also supports auto-invocation through a `CLAUDE.md` configuration file and includes an optional pre-push hook integration.
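The installed skills are prompt files that the session later follows as instructions, so it helps to record what the installer wrote and to notice later changes. The script below is an added example, not part of Vibe Guard or its `install.sh`: it hashes every file under a skills directory and compares the result with a saved baseline. The function names and the baseline path in the usage comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the Vibe Guard repository).
# Fingerprint the files under a Claude Code skills directory and detect drift.

# Hash files with sha256sum (Linux) or shasum (macOS); both print "hash  path".
_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$@"
    else
        shasum -a 256 "$@"
    fi
}

# skills_manifest DIR
# Print one "sha256  ./relative/path" line per file, sorted by path so that
# two manifests of the same content are byte-identical.
skills_manifest() {
    dir=$1
    [ -d "$dir" ] || return 1
    ( cd "$dir" && find . -type f -print | LC_ALL=C sort |
        while IFS= read -r f; do _sha256 "$f"; done )
}

# skills_verify BASELINE DIR
# Returns 0 if DIR still matches BASELINE, 1 if any file was added, removed
# or modified (the unified diff is printed), 2 if DIR could not be read.
skills_verify() {
    baseline=$1
    dir=$2
    current=$(mktemp) || return 2
    skills_manifest "$dir" > "$current" || { rm -f "$current"; return 2; }
    if diff -u "$baseline" "$current"; then rc=0; else rc=1; fi
    rm -f "$current"
    return $rc
}

# Usage (paths other than the skills directories are assumptions):
#   skills_manifest "$HOME/.claude/skills" > "$HOME/.claude-skills.sha256"   # after reviewing the install
#   skills_verify "$HOME/.claude-skills.sha256" "$HOME/.claude/skills"      # before each session or push
#   skills_verify .claude-skills.sha256 .claude/skills                      # project-local install
```

Keep the baseline file outside the skills directory so that it is not hashed into its own manifest.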
Key facts
- Three slash-command skills: `/vibe-check` (production), `/vibe-secure` (security), `/vibe-explain` (comprehension/cognitive debt)
- Runs entirely inside the Claude Code session — no external API calls, no code leaves the machine
- `/vibe-check` catches N+1 queries, missing error handling, null edge cases, resource leaks, and data integrity issues
- `/vibe-secure` flags hardcoded secrets, injection surfaces, missing auth checks, insecure defaults, and supply chain risks
- `/vibe-explain` surfaces opaque blocks, magic numbers, hidden assumptions, and implicit contracts
- Installed via a single `curl` command to `~/.claude/skills/` (global) or `.claude/skills/` (project-local)
- Can be auto-invoked via a project `CLAUDE.md` file or wired into an optional pre-push hook